Security control for computer power supply subsystem

ABSTRACT

A computer system power-on security control apparatus is disclosed to provide shielding against unauthorized access to the computer systems. Firmware-level protection is provided instead of the conventional implementation at the operating system level. Repeated power-on and -off cycles inevitable in the process of trial entry of the password of the computer system can be avoided altogether, reducing the risk of potential damages to delicate subsystems in the computer while repeated trial of the password is attempted.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates in general to the power supply control for acomputer system and, in particular, to the security control of thesupply of power to a computer system. More particularly, the inventionrelates to the effective security control of the supply of power to acomputer system for restricting unauthorized access to the system andfor avoiding possible damage to the system as a result of repeated trialaccess by powering up the system.

2. Technical Background

In typical microprocessor-based personal computer or workstationsystems, simple mechanical on/off contact switches were used toimplement the supply or cut-off of electrical power to the power supplyunit of early designs of these computer systems. When the mechanicalcontact switch installed in the power supply unit of a computer systemis turned off, open circuit status of the switch terminates the supplyof electrical power to the power supply circuitry, and the entirecomputer system is turned off. On the other hand, when the same mainswitch is turned on, the close-circuited switch supplies electricalpower such as the house 110V AC to the power supply circuitry, whichconverts the AC power into the appropriate DC powers (such as, positiveand negative 5 and 12 volts DC) for supplying to all the subsystems inthe computer. With the steady supply of all the necessary DC powers, thecomputer system may then initiate its start-up sequence, and the systemboots up subsequently.

Mechanical contact switches used in these earlier computer systemsrelies on human operation by hand, so that the computer system can beturned on or off. Without the intervention of human operator, thecomputer had no means to turn itself power-on or -off. Meanwhile, oncethe main power switch is switched and maintained on, the system wouldinitiate and execute its starting sequence of operations. If noeffective password control scheme was incorporated at either the systemfirmware (that is, the Basic Input/Output System (BIOS) in the case of a×86-based IBM-compatible computer) or the operating system level, oncepowered up, the entire system, together with all its data, is exposed toanyone having access to the system.

Models of the Macintosh series of personal computer systems manufacturedby Apple Computer Inc. of Cupertino, Calif. employ a designated key onthe keyboard to control the powering up and down. Though convenient,however, they also lack the effective security as in the earlyIBM-compatibles. Once a system has its power cord connected in theutility socket, anyone who can get access to the computer can simplybring up the system by depressing the power up key on the keyboard. Such"soft power control" is open to anyone having access to the keyboard ofthe system. Firmware and/or operating system level program routinessimilar to those mentioned above in the ×86 world would have to be usedto provide access restriction for these computer systems.

On the other hand, Intel Corporation of Santa Clara, Calif. had proposeda computer motherboard specification known as the ATX standard whosepower supply subsystem no longer relies on the simple mechanical contactswitch for the direct power up and down control of the computer system.Instead, the ATX implements a form of soft power control undersupervision of a circuitry integrated in the computer system itself.Functionality more than simply and manually switching on and off on themain power switch are provided to a motherboard of the ATX standard sothat control over the computer system can be more versatile.

For example, in the case of ATX specification version 2.01, the standbypower 5VSB is a 5-volt DC power source that fans out a maximum of 0.7amperes of current. This provides power for those basic power managementcircuitry in the computer system when the main power supply is cut off.These power management circuitry may be programmed to implement variousconvenience functionality of the computer system. For instance, thesystem can be programmed to start itself automatically in the midnightin a manner unattended by any operator so as to send internationalfacsimile transmissions in the discount rate time periods of the localtelephone company. Or, the computer system may be waken up in theevening by the incoming requests for remote modem connection in order toreceive file transmissions.

However, such concepts of soft power management as implemented by theserecent standards such as ATX still lack the provision for positive dataprotection by proper security measures as did the above-describedprior-art computer systems. When a computer system adopting the ATXstandard is started by a user (either authorized or not) by switching-onthe main power switch, the power supply is then turned on, and thesystem initiates to perform its start up sequence of operations. At thismoment, if neither the system firmware nor the operation system has beenequipped with adequate security program such as password checking,anyone has direct access to the system can have access to the datacontained in the computer. Such systems are as unprotected as were theearlier generation of computers having mechanical main power switch.

When such a conventional computer system equipped with a firmware oroperating system-level security system is subject to unauthorizedaccess, whoever trying to break into the system must enter the correctpassword. However, most conventional computer systems employ a simplerule of password entry, namely, the user can try a limited number oftimes to enter the password. If after the specified times of trial, theunauthorized user still could not enter the correct password, the systemwould simply lock. Keyboard of the computer system will no longer beresponding to any new entries. In this case, the unauthorized user willhave to turn off the power to the computer system and then turn it backon again. This allows the unauthorized user to get to the new passwordentry-point again. This process of power-on and -off must be performedrepeatedly before the correct password is entered if the unauthorizeduser wished to keep trying to break into the system. During this processof repeated switching-on and -off of the main power supply, the computersystem is exposed to increased possibilities of premature failure. Thisis because a normal computer system has not been designed to operatethis way.

As is familiar to experienced ones in the field, microprocessor-basedcomputer systems operate on power supply subsystems that do not allowfor, at least do not recommend, repeated switching-on and -off during ashort period of time. Successive power-on and -off actions within ashort period of time are considered un-normal operation though they arebasically allowable for well-designed power supply units. These powersupplies are equipped with protection circuitry that prevents themselvesfrom powering-on within a specified time period of, for example, a fewseconds after being turned off. Though circuit boards in a computersystem can thus be protected from potential damages in successivepower-on and -off sessions when a unauthorized user tries to break intothe system, other components such as disk drives are not as wellprotected. This is because spindle motors for modem hard disk drives arenot designed for such operation schemes. They are supposed to be turnedon and maintained power-on for a long period of time.

SUMMARY OF THE INVENTION

It is therefore an object of the invention to provide a security controlapparatus for the computer power supply subsystem that determineswhether or not to initiate the main power supply to a computer systembased on the validity of the password input.

It is another object of the invention to provide a security controlapparatus for the computer power supply subsystem that preventspotential physical damages to components in a computer system caused byunauthorized trials to bring up the system.

In order to achieve the above-specified objects, the invention providesa security control apparatus for computer power supply subsystem thatcomprises a keyboard intercept unit for intercepting the keyboardsignals communicating between the keyboard controller interface of themainboard circuitry and the keyboard when the computer system is poweredoff. A keyboard input data decoder receives and decodes the keyboardsignals intercepted by the keyboard intercept unit. A first-in first-outbuffer connected to the output of the keyboard input data decoder storesthe decoded data of the keyboard signals in a pre-determined format. Apassword memory is used for storing the preset password designated forthe authorized power-up of the computer system. A comparing unit haseach of the two inputs connected to the output of the first-in first-outbuffer and the password memory respectively, compares the matching ofthe keyboard signals and the preset password and generates a signalindicating the matching condition of the comparison. And, a power supplycontrol unit receives the matching condition generated by the comparingunit for generating a control signal based on the logical status of thematching condition in order to control and power up the power supply ofthe computer system upon positive result of the matching condition.

BRIEF DESCRIPTION OF THE DRAWINGS

Other objects, features, and advantages of the present invention willbecome apparent by way of the following detailed description of thepreferred but non-limiting embodiments. The description is made withreference to the accompanying drawings in which:

FIG. 1 is a simplified block diagram showing the circuit configurationof the keyboard controller interfacing with its corresponding externalkeyboard unit in a conventional computer system;

FIG. 2 is a block diagram showing the circuit configuration employing asecurity control apparatus in accordance with a preferred embodiment ofthe invention for the keyboard controller to interface with itscorresponding external keyboard unit in a computer system;

FIG. 3 is a block diagram showing the circuit configuration of thesecurity control apparatus in accordance with the preferred embodimentof the invention; and

FIG. 4 is a schematic diagram showing the circuit configuration of thesecurity control apparatus in accordance with the preferred embodimentof the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

As is illustrated in FIG. 1, the circuit configuration shows that thekeyboard interfacing section of the typical conventional computersystem, such as of a ×86-based IBM-compatible personal computer, is akeyboard controller interface (KBCI) 12 that interfaces between the corelogic of the computer system and its external keyboard unit (KB) 20.This is a design suitable for the mainboard or motherboard (MB) 10 ofthe modern computer system unit to interface with its physicallyseparate keyboard unit 20. The keyboard unit 20 has a microcontroller(not shown in the drawing) installed internally. Due to the fact that anormal keyboard unit is only required to handle human typing inputs,therefore, the processing power of the microcontroller installed in thekeyboard unit need not be excessive.

Typically, serial communication is used to establish connection betweenthe mainboard 10 of the system unit and the keyboard unit 20 in acomputer system. For instance, in the case of the depicted prior-artcircuitry example of FIG. 1, a pair of signals KBDATA and KBCLK are usedto establish the connection between the keyboard unit 20 and thekeyboard controller 12 of the motherboard 10 in the system unit. Suchserial communication fulfills the need for handling human typing inputswell. The use of less-powerful microcontroller and serial communicationchannels is beneficial in cost reduction of the entire computer system.

In the depicted conventional computer system of FIG. 1, both powerV_(DD) and ground GND paths are also provided in addition to the KBDATAand KBCLK signals. In order to avoid radio frequency interference, thispair of power supply is normally provided to the keyboard unit 20 viaproper isolation. In the case of the circuitry of FIG. 1, the keyboardcontroller 12 provides this power to the external keyboard unit 20.

When compared to the system logic circuitry of the conventional computersystems, the security control apparatus of the invention for thecomputer power supply subsystem may be an independent circuitry that canbe added to the typical computer system of FIG. 1. In a preferredembodiment of the invention, this security control apparatus can beinserted between the external keyboard unit 20 and the keyboardcontroller 12 of the motherboard 10, while tapping into the signal pathsconnecting the two together. A block diagram of the embodiment of suchan implementation can be seen in FIG. 2. As illustrated, the securitycontrol apparatus 40 constructed based on an embodiment of the inventioncan be incorporated into the logic circuitry of a computer system andinteracts with the keyboard controller 12 of the motherboard 10, theexternal keyboard unit 20, as well as the power supply unit (PSU) 30.FIG. 2 depicts the configuration of such an implementation.

As illustrated in the drawing, the security control apparatus 40embodying the invention may itself be an independent circuit module thatcan be used to intercept the keyboard signals KBDATA and KBCLKcommunicating between the external keyboard unit 20 and the keyboardcontroller 12 of the computer motherboard 10. The security controlapparatus 40 can be monitoring the signal communication conductedbetween the two functional blocks to see if any user, either authorizedor not, has depressed on the keyboard 20 with a string of keystrokesthat conform to the valid password.

In one preferred embodiment of the invention, when the computer isturned off, the security control apparatus 40 still maintains powered onby the power supply unit 30, enjoying the necessary power source forimplementing its designed security functionality. In the case of an ATXmotherboard, the security control apparatus 40 of the invention may bepowered by the 5VSB power source when the system is in the power-downcondition. The 5VSB power source of the ATX can provide sufficientelectric current for the operation of the apparatus 40 in order tomonitor the keystrokes at the keyboard 20 when the system is poweredoff. Meanwhile, the power supply unit 30 is also required to supplysufficient power to the external keyboard unit 20 for the keystrokescanning circuitry to operate under control of the keyboardmicrocontroller.

As a user, either the rightful one or anyone trying to break into thecomputer system, depresses keystrokes over the external keyboard 20,trying to input to the computer system a string of characters conformingto the preset password, the security control apparatus 40 can bemonitoring the depressed keystrokes and compare them with the pre-storedpassword. If the result of the comparison between the stored passwordand the input keystrokes is positive, an enabling signal can begenerated by the security control apparatus 40, so as to turn on thepower supply unit 30, which then initiates and brings up the entirecomputer system.

Once the power supply unit 30 is turned on, the computer system mayproceed with the normal boot up sequence so that the computer mayfunction normally. For example, under the specification of the ATX, whenthe security control apparatus 40 determines a keystroke string input isa valid password, the enabling signal generated by the apparatus 40 maybe tied to the PS-ON input in the ATX power supply unit 30. As personsskilled in the art may well be aware, a logically positive, i.e.,logically low-level, signal sent over to the PS-ON input of an ATX powersupply 30 turns on the power supply unit which then powers up thecomputer system.

On the other hand, if the security control apparatus 40 determines thatthe depressed password keystrokes are not valid, the PS-ON input to theATX power supply 30 is then maintained at the logically negative status.The logical high-level signal maintains the ATX power supply unit 30 atits power-off status. In this case, except the external keyboard unit 20and the security control apparatus 40, the entire computer system,including the CPU, the disk subsystem, and even the keyboard controller12 in the motherboard 10 are all maintained off. In other words,regardless of whatever and how many times the intruder tries on theexternal keyboard unit 20 of the computer system, the power supply unit30 is kept on the powered down status so long as the correct password isnot given. Since the power supply unit 30 is maintained off, vitalcomponents of the computer system, in particular the delicate andrelatively vulnerable disk subsystem, will not be repeatedly powered upand then down in a rapid manner during the process of the repeatedpassword guessing session. Possibilities of damages to the computercomponents as a result of the rapid power-on and -off cycles may thus bevirtually avoided.

In a preferred embodiment, the security control apparatus 40 of theinvention may further include the generation of another control signalSW that can be relayed to the keyboard controller 12 of the motherboard10. When the computer system is under the power-down status, this signalallows the security control apparatus 40 to keep on intercepting thekeyboard signals KBDATA and KBCLK for monitoring the validity of thepassword input, if any is depressed on the keyboard 20. On the otherhand, when the computer system is powered on successfully (i.e., viacorrect input of valid password), the control signal SW can be used toreturn the normal flow of the keyboard signals KBDATA and KBCLK to thekeyboard controller 12 and the external keyboard unit 20, as is normalin the case of a conventional computer system.

It should, however, be noticed that as the security control apparatus 40is constantly monitoring the key-depressing status over the externalkeyboard unit 20 while the computer system is turned off, power supplyV_(KB) to the keyboard unit 20, as is in the case of FIG. 2, is suppliedby the standby power 5VSB of the ATX power supply unit 30. This isnecessary as the main 5-volt supply V_(DD) of an ATX during the masteroff state is cut off. The standby 5-volt power, 5VSB, however, maintainsactive during the master off status and is able to provide a specifieddriving capacity. After the normal power-on of the computer system,power to the external keyboard unit can be switch from the standby power5VSB to the master power V_(DD). If, however, the external keyboard unitremains to be powered by the standby power after the normal boot up ofthe computer system, it is also feasible as well.

A preferred embodiment of the circuitry for the security controlapparatus of the invention is examined below. FIG. 3 is a block diagramshowing the circuitry configuration of the security control apparatus inaccordance with the preferred embodiment of the invention. As isillustrated in the drawing, the apparatus generally includes a keyboardinput data decoder (KBDEC) 41, a first-in first-out (FIFO) buffer 42, apassword memory (PWM) 43, a compare unit (CL) 44, a keyboard interceptunit (KBIL) 45, and a power supply control unit (PSCL) 46.

First of all, the keyboard intercept unit 45 generates a keyboard signalintercept control signal SW based on the power-up and -down condition ofthe computer system. In a preferred embodiment, the keyboard interceptunit 45 can be a logic circuit that simply generates a logic signal SWwith reversing logical states to represent the power-on and -off statusof the computer system respectively. When the computer system is in itspowered off status, the SW signal with one logical state can be used tocontrol the interception of the keyboard signals KBDATA and KBCLK formonitoring. On the other hand, when the computer system is in itspowered on status, the SW signal with a reversed logical state can beused to return the normal keyboard signal communication between theexternal keyboard unit 20 and the keyboard controller 12 of themotherboard 10, as is depicted in the block diagram of FIG. 2.

For example, in the preferred embodiment, one three-state buffer can beused for each of the keyboard signals KBDATA and KBCLK to facilitate thecontrol of whether or not to intercept this pair of signals between theexternal keyboard unit 20 and the keyboard controller 12 of the computersystem motherboards 10. FIG. 4 illustrates a schematic diagram showingthe circuitry configuration of the security control apparatus inaccordance with the preferred embodiment of the invention. The inventiveapparatus intercepts the keyboard signals KBDATA and KBCLK in order todetermine whether or not a valid password to bring up the computersystem is received in the system. As shown in the drawing, the keyboardcontroller interface 12 includes a typical microcontroller 120, which,in the typical IBM-compatible systems, may be an Intel 8042/8048 8-bitmicrocontroller or the equivalent. In the keyboard controller interface12 of the IBM-compatible systems, the microcontroller 120 that controlsthe interface has each of the P27 and P26 ports thereof output thekeyboard signals KBDATA and KBCLK via an open-collector bufferrespectively. In a computer system employing the security controlapparatus of the invention, these two open-collector buffers can bereplaced by a pair of three-state buffers 121 and 122 respectively.

As is illustrated in FIG. 4, the two three-state buffers 121 and 122 inthe preferred embodiment may be powered by the same power source V_(KB)that powers the external keyboard unit 20. This is because these twobuffers must remain active together with the external keyboard itself.

When the computer system is powered down, keyboard intercept unit 45 ofthe security control apparatus 40 generates a control signal SW that hasa logical low level. As the three-state buffers 121 and 122 employed inthe preferred embodiment depicted in FIG. 4 have logical positive enableinput control, therefore, a logical low-level control signal SW bringsboth buffers to the high-impedance turned-off state. Under such asituation, the circuitry behind the input terminal of the buffers can beconsidered to be in virtually cut off from the keyboard signal linesKBDATA and KBCLK respectively. On the other hand, when the computersystem is powered up as a result of correct password entry, the keyboardintercept unit 45 generates a corresponding control signal SW at itslogical high status. This version of the control signal SW effectivelyconnects P27 and P26 ports of the microcontroller 120 to the externalkeyboard units 20. The connection is via the pair of activatedthree-state buffers 121 and 122 at the keyboard signals KBDATA and KBCLKrespectively. This effectively establishes the normal electrical signalconnection between the external keyboard unit 20 and the motherboard 10of the computer system.

Thus, in the preferred embodiment described above, the keyboardintercept unit 45 may be replaced simply by the main 5-volt power sourceV_(DD) of the power supply unit 30. In other words, output enablecontrol inputs of the two three-state buffers 121 and 122 for thekeyboard interface can be tied directly, or via a properly selectedpull-up resistor, to the V_(DD).

Then, referring again to FIG. 3, as the computer system is brought intothe power-down state, the keyboard intercept unit 45 may be able tointercept and switch the keyboard signals KBDATA and KBCLK into thesecurity control apparatus 40. The intercepted keyboard signals may thusbe sent directly to the keyboard input data decoder 41 for decoding. Thedecoder 41 may then convert the received alphanumeric characters asrepresented by the keyboard signals into the standard codes used in thecomputer system one after the other. These converted codes representingthe entered keystrokes are then sent to the first-in first-out buffer 42for storage in a predetermined data format and awaits furtherprocessing.

On the other hand, through proper operation procedures conducted inadvance, the designated password can be stored in the password memory43. In a preferred embodiment of the invention, this password memory 43may be a non-volatile random-access memory (NVRAM) device that canmaintain its stored information permanently after the removal of power.Or, in the case of an IBM-compatible computer, the password memory 43may also be a designated memory space in the CMOS memory used formaintaining information that records the computer system hardwareconfiguration. As another embodiment, the password memory 43 may also bea simple static random-access memory (SRAM) that has a back-up batteryto maintain its memory content after the computer system is powereddown.

In the process of activating the computer system power supply viapassword entry, the password may be concluded by, for example, a depresson the return key over the keyboard. In other words, the return key,which is never a key allowed for the password, may be used to signifythe end of a password character string entry. Upon receiving thissignifying key signal, a firmware routine of the computer system maythen be initiated to let the compare unit 44 load and compare the inputpassword entry with the pre-stored valid password from the first-infirst-out buffer 42 and the password memory 43 respectively. As a resultof the comparison, the compare unit 44 generates a password match signalPM, which may then be relayed to the power supply control unit 46.

Based on the logical state of the password match signal PM, the powersupply control unit 46 generates a power supply control signal that canbe used to directly interface and control the power supply unit of thecomputer system. For instance, in the case of an ATX power supply, thisgenerated power supply control signal may be the logically negativePS-ON signal complying to the ATX specification which may be tieddirectly to the PS-ON input of the ATX power supply. In the case of theATX power supply, a logical high-level signal at the PS-ON input keepsthe power supply remained at its turned off state. On the other hand,the logical low signal on the PS-ON input will activate the power supplyand brings up the computer system unconditionally.

In a preferred embodiment, further controlling signals derived fromother control logic of the computer system can be relayed to the powersupply control unit 46. These additional controlling signals may be usedas contributing factors in the process of the generation of the powersupply control signal, the PS-ON signal in the depicted example of FIG.3 used to control the ATX power supply unit 30. For example, if thecomputer system is equipped with a main power switch, a signal MSW usedto designate the logical on-off status of this switch may be input tothe power supply control unit 46, as is illustrated in the drawing. Inthe case of logically positive convention for both the password match PMand the main switch status MSW signals, a logical NAND operation may beimplemented on both signals by the power supply control unit 46 toobtain the logically negative PS-ON output.

While the invention has been described by way of example and in terms ofpreferred embodiment, it is to be understood that the invention need notbe limited to the disclosed embodiments. For example, typicalIBM-compatible computer systems employ a simple 8-bit microcontroller toimplement the keyboard interface control on the system motherboard. Thetypical external keyboard unit used in these ×86-based computers maytherefore employ a microcontroller having correspondingly compatibleprocessing capability to implement the control of the independentkeyboard unit. Microcontrollers at both sides of the keyboard interfacemay be communicating to each other in a serial connection. However,other forms of communication between the two are also possible for theimplementation of the invention.

For instance, since there are other peripheral devices present on theXA/XD peripheral buses where the keyboard interface microcontrollerresides, microcontroller of higher performance may be necessary toreplace the conventional Intel 8042/8048 device used in the case of anIBM-compatible computer. Under such a situation, the security controlapparatus of the invention is still applicable.

Meanwhile, due to the fact the modern personal computers are builtaround ASIC (application-specific IC) devices, the security controlapparatus of the invention is also feasible in these ASIC circuitry andmay be included in the core logic chipsets of the computer system. Sincethe logic circuitry of the security control apparatus of the inventionis relatively simple compared with the computer core logic, therefore,the incorporation of the inventive apparatus in the computer core logicASIC device barely adds noticeably to the overall gate count. In otherwords, ASIC devices incorporating the apparatus of the invention doesnot add significantly to the total semiconductor fabrication cost. Onthe other hand, since the security control apparatus has a relativelysimple logic circuitry, minor electric power is consumed. In otherwords, the incorporation of the security control apparatus of theinvention is very suitable for the standby power source in power supplyunits such as the ATX specification.

Further, in addition to power supply unit of the ATX specification,other standards such as the NLX or PS/2, whichever featuring theenabling input for implementing the soft power control, are allapplicable as well.

Therefore, the above descriptive paragraphs are intended to covervarious modifications and similar arrangements included within thespirit and scope of the appended claims, the scope of which should beaccorded the broadest interpretation so as to encompass all suchmodifications and similar structures.

What is claimed is:
 1. A power-up security control apparatus for acomputer system having a mainboard circuitry, a power supply, and akeyboard, the apparatus comprising:a keyboard intercept unit forintercepting keyboard signals capable of communicating between akeyboard controller interface of the mainboard circuitry and thekeyboard when the computer system is off; a keyboard input data decoderfor receiving and decoding the keyboard signals intercepted by thekeyboard intercept unit; a buffer connected to an output of the keyboardinput data decoder for storing the decoded keyboard signals in apre-determined format; a password memory for storing a preset passwordfor authorizing the computer system to power up; a comparing unit havinginputs connected to the output of the buffer and the password memory,the comparing unit comparing the decoded keyboard signals and the presetpassword and generating a matching condition signal indicating whetherthe decoded keyboard signals and the preset password match; and a powersupply control unit receiving the matching condition signal andsubsequently generating a control signal based on a logical status ofthe matching condition signal in order to control the power supply ofthe computer system.
 2. The apparatus of claim 1, wherein the powersupply control unit generates the control signal to the power supply tosupply power to the computer system when the comparing unit generates apositive matching condition signal as a result of the comparison, andmaintaining the power supply powered off when the comparing unitgenerates a negative matching condition signal as a result of thecomparison.
 3. The apparatus of claim 2, wherein the power supplycontrol unit further includes a logic circuitry, and the power supplycontrol unit outputs a result of a logical operation performed based onthe result of the matching condition and a logical status of a mainswitch of the computer system.
 4. The apparatus of claim 2, wherein thepower supply complies with the ATX standard, and the power supplycontrol unit comprises a logical NAND circuit performing a NANDoperation on the matching condition and the logical status of the mainswitch of the computer system, and the power supply control unitgenerates a PS-ON signal to the ATX power supply.
 5. The apparatus ofclaim 4, wherein the circuitry subsystems of the computer system exceptthe apparatus and the keyboard are powered off when the computer systemis off, and wherein the apparatus and the keyboard are powered by a 5VSBstandby power source of an ATX power supply.
 6. The apparatus of claim2, wherein circuitry subsystems of the computer system except theapparatus and the keyboard are powered off when the computer system isoff.
 7. The apparatus of claim 2, wherein the password memory is anon-volatile random-access memory device.
 8. The apparatus of claim 2,wherein the password memory is a designated memory space in a CMOSconfiguration memory of the computer system.
 9. The apparatus of claim2, wherein the password memory is a static random-access memorysupported by a back-up battery when the computer system is turned off.10. The apparatus of claim 1, wherein the power supply of the computersystem includes an enabling input, and the power supply is initiatedwhen the power supply control unit outputs an enabling signal to theenabling input of the power supply in order to initiate the power supplyfor powering up the computer system.
 11. The apparatus of claim 1,wherein the decoded data of the keyboard signals is stored in apre-determined format.
 12. A system for controlling power-up of acomputer system having a keyboard connected to a keyboard controller,said computer system connected to a power source, said systemcomprising:a keyboard intercept unit for intercepting keyboard signalsdirected to the keyboard controller; a memory for storing a password; acomparing unit configured to compare received keyboard signals to thestored password; a power supply control unit, connected to the comparingunit, outputting a power control signal to turn on the power source whenthe keyboard signals match the stored password, wherein said keyboardintercept unit includes means for intercepting keyboard signals when thepower source is off.
 13. A system for controlling power-up of a computersystem having a keyboard connected to a keyboard controller, saidcomputer system connected to a power source, said system comprising:akeyboard intercept unit for intercepting keyboard signals directed tothe keyboard controller; a memory for storing a password; a comparingunit configured to compare received keyboard signals to the storedpassword; a power supply control unit, connected to the comparing unit,outputting a power control signal to turn on the power source when thekeyboard signals match the stored password; and a standby power sourceconfigured to output power to the keyboard intercept unit, comparingunit and power supply control unit when the power source is off.
 14. Apower-up security control apparatus for a computer system having amainboard circuitry, a power supply, and a keyboard, the apparatuscomprising:a keyboard input data decoder for receiving and decodingkeyboard signals; a buffer connected to an output of the keyboard inputdata decoder for storing the decoded keyboard signals in apre-determined format; a password memory for authorizing the computersystem to power up; a comparing unit having inputs connected to theoutput of the buffer and the password memory, the comparing unitcomparing the decoded keyboard signals and a preset password andgenerating a matching condition signal indicating whether the decodedkeyboard signals and the preset password match; a power supply controlunit comprising a logic circuitry and receiving the matching conditionsignal and subsequently generating a control signal based on a result ofa logical operation performed by the logic circuitry on both a matchingcondition and a status of a main power switch of the computer system, inorder to control the power supply of the computer system; and a keyboardintercept unit for intercepting the keyboard signals capable ofcommunicating between a keyboard controller interface of the mainboardcircuitry and the keyboard when the computer system is off.